PERFORCE change 91074 for review
Wayne Salamon
wsalamon at FreeBSD.org
Sat Feb 4 16:09:56 GMT 2006
http://perforce.freebsd.org/chv.cgi?CH=91074
Change 91074 by wsalamon at gretsch on 2006/02/04 16:09:08
Updated list of audited system calls, with some additional notes.
Affected files ...
.. //depot/projects/trustedbsd/audit3/notes/syscall_audit.tsv#4 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/notes/syscall_audit.tsv#4 (text+ko) ====
@@ -7,9 +7,12 @@
# Field 5 -> Comments
#
# For many of the fd-based ops, will need to create an attr token when vnode
-# is available. If an audited arg is followed by ?, need to decide whether to
-# audit. For some calls, the returned fd(s) probably should be audited because
-# pathname auditing for fd-based calls isn't reliable, so auditing the
+# is available. We will also audit the file decriptor to allow for
+# easier tracing through the log file, even though the attr token contains the
+# file ID.
+# If an audited arg is followed by ?, need to decide whether to audit
+# For some calls, the returned fd(s) probably should be audited because
+# pathname auditing for fd-based calls isn't done, therefore auditing the
# returned fd at time of creation (open, etc.) should be done so later calls
# can be traced back to a path in the audit trail.
#
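Review bot: The added header text misspells `decriptor` (should be `descriptor`), and the rewritten line `# If an audited arg is followed by ?, need to decide whether to audit` lost its closing period, so it runs into the next sentence. The comment also justifies recording the fd as a way to trace later calls back to a path, but descriptor numbers are per-process and reused after close. That tracing only holds if the calls that create or duplicate descriptors are in the trail too, and the `SYS_dup2 90 N N` row visible in a later hunk suggests at least one is not. Consider adding a line such as `# fd tracing assumes open/close/dup records are also present in the trail.` or revisiting the dup2 row.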
@@ -28,14 +31,14 @@
SYS_unlink 10 Y Y path, attr
SYS_chdir 12 Y Y
-SYS_fchdir 13 Y N path; should fd be audited?
-SYS_mknod 14 Y N mode, dev, path
+SYS_fchdir 13 Y Y attr, fd
+SYS_mknod 14 Y Y mode, dev, path
SYS_chmod 15 Y Y mode, path
SYS_chown 16 Y Y uid, gid, path
SYS_break 17 N N
SYS_getpid 20 N N
-SYS_mount 21 Y N type, dir, flagsr; data?
+SYS_mount 21 Y N type, dir, flags
SYS_unmount 22 Y N dir, flags
SYS_setuid 23 Y N uid
SYS_getuid 24 N N
@@ -49,7 +52,7 @@
SYS_getsockname 32 ? N if audited: s, name; namelen?
SYS_access 33 Y N path, mode
SYS_chflags 34 Y Y path, flags, attr
-SYS_fchflags 35 Y Y fd, fflags
+SYS_fchflags 35 Y Y fd, attr, fflags
SYS_sync 36 Y N
SYS_kill 37 Y N pid, sig
@@ -75,7 +78,7 @@
SYS_readlink 58 Y N path, buf, bufsiz
SYS_execve 59 Y N path, argv, envp?
SYS_umask 60 Y N numask
-SYS_chroot 61 Y N dirname
+SYS_chroot 61 Y Y dirname
SYS_old.fstat 62 ? N
SYS_old.getkerninfo 63 N N
@@ -109,7 +112,7 @@
SYS_dup2 90 N N
SYS_fcntl 92 Y N
SYS_select 93 N N
-SYS_fsync 95 Y N
+SYS_fsync 95 Y Y fd, attr
SYS_setpriority 96 Y N
SYS_socket 97 Y N
SYS_connect 98 Y N
@@ -126,14 +129,14 @@
SYS_readv 120 N N
SYS_writev 121 N N
SYS_settimeofday 122 Y N
-SYS_fchown 123 Y Y
-SYS_fchmod 124 Y Y
+SYS_fchown 123 Y Y fd, attr, new uid, new gid
+SYS_fchmod 124 Y Y fd, attr, new mode
SYS_setreuid 126 Y N
SYS_setregid 127 Y N
SYS_rename 128 Y N
-SYS_flock 131 Y N
+SYS_flock 131 Y N fd, operation, addr
SYS_mkfifo 132 Y N
SYS_sendto 133 Y N
SYS_shutdown 134 Y N
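Review bot: The new `SYS_flock` comment lists `fd, operation, addr`, but flock(2) takes only a descriptor and an operation, so `addr` is probably a typo for `attr`. The other fd-based rows in this change (`SYS_fchown`, `SYS_fchmod`, `SYS_fsync`) all pair `fd` with `attr`. If that is the intent, the row should read `fd, operation, attr`; if a different token was meant, the comment should name it.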
@@ -206,8 +209,8 @@
SYS_issetugid 253 N N
SYS_lchown 254 Y Y
SYS_getdents 272 Y N
-SYS_lchmod 274 Y Y
-SYS_netbsd_lchown 275 Y N
+SYS_lchmod 274 Y Y path, attr, new mode
+SYS_netbsd_lchown 275 Y N path, attr, new mode
SYS_lutimes 276 Y N
SYS_netbsd_msync 277 N N file writes are not audited
SYS_nstat 278 Y Y
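Review bot: The comment added to `SYS_netbsd_lchown 275` is `path, attr, new mode`, which looks copied from the `SYS_lchmod` row directly above it. An lchown variant changes ownership rather than mode, so the arguments to record would be `path, attr, new uid, new gid`, matching the `SYS_fchown` row added earlier in this change. The `SYS_lchown 254 Y Y` context row still carries no argument list and could be filled in the same way.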
@@ -284,7 +287,7 @@
SYS___setugid 374 ? N
SYS_nfsclnt 375 ? N
SYS_eaccess 376 ? N
-SYS_nmount 378 Y N
+SYS_nmount 378 Y Y iovec strings audited
SYS_kse_exit 379 ? N
SYS_kse_wakeup 380 ? N
SYS_kse_create 381 ? N
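Review bot: The `SYS_nmount` comment `iovec strings audited` does not say which name/value entries are recorded or whether all of them are, which matters for anyone reconstructing a mount from the trail. The fourth column also flips to `Y` here while `SYS_mount 21 Y N` in the earlier hunk stays `N`, so the two mount entry points appear to end up with different status. The column legend is outside this hunk, so that reading is inferred. If the difference is intentional, a short remark on the `SYS_mount` row would make it explicit.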